Google on Tuesday published the Android Security Bulletin for September 2021 with patches for a total of 40 vulnerabilities, including seven that are rated critical.
A total of 16 issues were patched with the first part of this month’s security updates – the 2021-09-01 security patch level – including one critical issue in the Framework component. Tracked as CVE-2021-0687, the security bug affects Android 8.1, 9, 10, and 11.
“The most severe of these issues is a critical security vulnerability in the Framework component that could enable a remote attacker using a specially crafted file to cause a permanent denial of service,” according to Google’s advisory.
Six other vulnerabilities were patched in the Framework component, all considered high-severity. These include five elevation of privilege flaws and one information disclosure vulnerability.
Google also released patches for two high severity information disclosure issues in Media framework, and seven vulnerabilities in the System component: six high severity (two elevation of privilege and four information disclosure bugs) and one medium severity (elevation of privilege).
This month’s Android patches also include a Google Play system update to address the CVE-2021-0690 vulnerability.
The second part of September 2021’s set of patches arrives on devices as the 2021-09-05 security patch level and includes fixes for a total of 23 vulnerabilities in Kernel components, MediaTek components, Unisoc components, Qualcomm components, and Qualcomm closed-source components.
Seven of these security holes, all of them addressed in Qualcomm closed-source components, are rated critical.
Google also announced patches Pixel devices address a total of nine other vulnerabilities, in Kernel, Pixel components, Qualcomm components, and Qualcomm closed-source components.
Pixel devices running a security patch level of 2021-09-05 or later have been patched for all of these issues, as well as for the vulnerabilities in the September 2021 Android Security Bulletin.